video on demandEnabling SNMP, API access on NetApp cluster mode SVMs
In order to get complete monitoring of, and be able delegate access to, Storage Virtual Machines on NetApp Cluster mode, it is necessary to add the SVMs as separate devices, and enable both SNMP and API access on the SVM itself.
The steps required to do so are:
add an SNMP community for the SVM
ensure SNMP is allowed by the firewall configuration of the interface of the SVM: determine the interface used by the SVM; the firewall policy, and amend if needed
enable API access by allowing API access through the SVM firewall, and creating an API user.
In the following example, we will enable access on the images server.
To enable SNMP
First, we can check the current SNMP configuration:
scenariolab::> system snmp community show
scenariolab
ro Logically
Add SNMP community for the SVM (server) images:
scenariolab::> system snmp community add -type ro -community-name Logical -vserver images
Confirm SNMP configuration:
scenariolab::> system snmp community show
images
ro Logical
scenariolab
ro Logically
You can determine the firewall policy used by the interface for a vserver with the following command:
network interface show -fields firewall-policy
vserver lif firewall-policy
------- ---- ---------------
foo lif2 data
images lif1 data
You can then determine if the policy for the server in question (images, using the data policy in our case) allows snmp:
scenariolab::> firewall policy show -service snmp
(system services firewall policy show)
Policy Service Action IP-List
---------------- ---------- ------ --------------------
cluster snmp allow 0.0.0.0/0
data snmp deny 0.0.0.0/0
intercluster snmp deny 0.0.0.0/0
mgmt snmp allow 0.0.0.0/0
As the data policy does not allow SNMP, we could either amend the firewall policy, or create a new one. In this case, we will create a new firewall policy:
system services firewall policy create -policy data1 -service snmp -action allow -ip-list 0.0.0.0/0
scenariolab::> firewall policy show -service snmp
(system services firewall policy show)
Policy Service Action IP-List
---------------- ---------- ------ --------------------
cluster snmp allow 0.0.0.0/0
data snmp deny 0.0.0.0/0
data1 snmp allow 0.0.0.0/0
intercluster snmp deny 0.0.0.0/0
mgmt snmp allow 0.0.0.0/0
We can now assign new policy to the interface used by the vserver images (lif1):
network interface modify -vserver images -lif lif1 -firewall-policy data1
SNMP is now enabled
API
To enable API access the SVM, we must allow HTTP/HTTPS access through the firewall policy used by the SVM's interfaces.
These commands add HTTP and HTTPS access to the new firewall policy we created above, that is already applied to the interface for the vserver images.
system service firewall policy create -policy data1 -service http -action allow -ip-list 0.0.0.0/0
system service firewall policy create -policy data1 -service https -action allow -ip-list 0.0.0.0/0
Now we just need to create an API user in the context of this vserver:
security login create -username logicmonitor -application ontapi -authmethod password -vserver images -role vsadmin
You can now add the SVM as a host to LogicMonitor. You should define the snmp.community, netapp.user, and netapp.pass properties for the host to allow access.